Hacking back: Optimal use of self-defense in cyberspace

College

School of Economics

Document Type

Web Resource

Source Title

Social Science Research Network

Publication Date

3-18-2009

Abstract

Should the law permit hackback? How should the law on self-defense in cyberspace be designed? In this paper, we use game-theoretic analysis to develop criteria that determine whether police enforcement, litigation, or hackback is best, and under what circumstances. Our model suggests that the law should permit hackback only if: (1) other alternatives, such as police enforcement and resort to courts, would be ineffective; (2) there is a serious prospect of hitting the hacker instead of innocent third parties; and (3) the damages that can be potentially mitigated to the defender's systems outweigh the potential damages to third parties. The law should require that counterstrikers use only force that is necessary to avoid damage to their own systems. Also, proper liability rules will induce counterstrikers to internalize the damages of third parties in their decision-making. Finally, better intrusion detection systems (IDS) and traceback technology improve the deterrent effect and efficacy of hackback.

html

Digitial Object Identifier (DOI)

10.2139/ssrn.1363932

Disciplines

Computer Law

Note

Abstract only

Series Title

Accepted paper series

Keywords

Hacking; Computer security—Law and legislation

Upload File

wf_no

This document is currently not available here.

Share

COinS